1. Field of the Invention
The present invention relates to an information processing apparatus that uses a service based on electronic certification information, an authentication apparatus that provides the certification information to the information processing apparatus, and an external apparatus that provides the service to the information processing apparatus.
2. Description of the Related Art
When a client accesses a server to receive a service via a network, the client is generally required to present authentication information such as a user name and a password. Such authentication information is required to prevent unauthorized users from accessing the server.
However, especially in the case of the Internet, it is undesirable to transmit such authentication information frequently through the network, since many unidentified users may be able to access the transmitted authentication information.
To avoid such a problem, an electronic certificate (hereinafter referred to as a “ticket”), instead of the authentication information, may be presented to the server. The ticket certifies that the user is authorized and has been authenticated.
The client first presents the user name and the password, for example, to an authentication server in which a ticketing function is installed. The authentication server authenticates the client, and issues a ticket.
When the client presents the ticket to a particular server and requests a service, the particular server requests the authentication server to verify the authenticity of the ticket. The particular server provides the client with the requested service subject to the verification of the authenticity of the ticket by the authentication server.
The ticket does not contain the authentication information such as the password. The ticket is valid for a validity period in which the client can use the service of the particular server. According to such arrangements, if the ticket is stolen, the damage caused by the inauthentic use of the ticket would be less serious than that caused by the inauthentic use of a stolen password. The use of the ticket thus improves the security of the network.
A “single sign-on” technique has already been introduced in order to save the user the time of inputting the user name and the password, for example. In the case of the single sign-on technique, when the user uses services of multiple servers, the user is required to input the user name and the password, for example, only once when the user has a ticket issued. Once the ticket is issued, the user can use the services of the multiple servers by using the ticket, without inputting the user name and the password, for example.
However, as described above, the ticket is valid only for a validity period. When the ticket expires, the ticket is no longer valid. The user cannot use a service of a server without a valid ticket.
The user needs to have another ticket issued in order to use the service of the server. The user needs to input the user name and the password, for example, again. The user may find this troublesome.
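The ticket flow described above (issuance, verification by the authentication server on behalf of each service, single sign-on across servers, and rejection after expiry) is sketched below. This is an added example, not part of the original disclosure; the class names, the in-memory ticket table, the 300-second validity period and the sample user are assumptions made for illustration.

```python
import hmac
import secrets

class AuthServer:
    """Authenticates users, issues opaque tickets, verifies them for services."""
    def __init__(self, users, validity_seconds):
        self._users = users  # constructed sample store; real systems keep password hashes
        self._validity = validity_seconds
        self._tickets = {}   # ticket -> (user, expiry time)

    def issue_ticket(self, user, password, now):
        stored = self._users.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        ticket = secrets.token_urlsafe(32)  # random value; contains no password
        self._tickets[ticket] = (user, now + self._validity)
        return ticket

    def verify_ticket(self, ticket, now):
        user, expires = self._tickets.get(ticket, (None, 0))
        if user is None:
            return None                     # unknown or forged ticket
        if now >= expires:
            del self._tickets[ticket]       # expired tickets are discarded
            return None
        return user

class ServiceServer:
    """Never sees the password; asks the authentication server about each ticket."""
    def __init__(self, name, auth):
        self.name, self._auth = name, auth

    def request(self, ticket, now):
        user = self._auth.verify_ticket(ticket, now)
        return "denied" if user is None else f"{self.name}: service provided to {user}"

def demo():
    auth = AuthServer({"alice": "correct horse"}, validity_seconds=300)
    printer, storage = ServiceServer("print", auth), ServiceServer("storage", auth)
    ticket = auth.issue_ticket("alice", "correct horse", now=0)
    return {
        "bad_login": auth.issue_ticket("alice", "wrong", now=0),
        "first": printer.request(ticket, now=10),
        "second": storage.request(ticket, now=20),  # same ticket, no second login
        "forged": printer.request("not-a-ticket", now=30),
        "expired": printer.request(ticket, now=300),  # validity period has ended
    }

if __name__ == "__main__":
    for step, outcome in demo().items():
        print(step, "->", outcome)
```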